11-30-2004
Peter T. Breuer
Re: some dnsmasq problems

Matteo Corti <corti@inf.ethz.ch> wrote:
> [snip]
> >> >> The computer on which dnsmasq runs should have a resolv.conf
> >> >> containing "nameserver 127.0.0.1" (and NOTHING ELSE) - assuming you
> >> >> want it to cache for itself as well as other computers on your LAN.
> >> >
> >> >Eh? How would it know who to use as dns forwarder if that were the case?
> >> >No - it can have all it likes, PLUS 127.0.0.1. Dnsmasq reads
> >> >resolv.conf to figure out the forwarders.
> >>
> >> Read what I said, which was
> >> server=ns.ip.goes.here
> >
> > You did not say it, and I quoted what you said (whoever "you" are,
> > "buck").
> >
> >> Which is where the forwarders come from.
> >
> > I have no idea exactly what you are talking about there, but it looks
> > like a line from some configuration file or tool. What has that got to
> > do with dnsmasq? How about speaking in complete sentences? Might it be
> > a line from dnsmasq.conf? If so, why put it there? The right place for
> > it is as an entry in resolv.conf, where dnsmasq will pick it up, cache
> > for it, and forward to it, as it is designed to do, and where dhcp will
> > add the entry if it is allowed to! May I draw your attention to another
> > line in the dnsmasq.conf file:
>
> Sorry but Buck is right: server= is an option of dnsmasq (in
> dnsmasq.conf).


*HE* did not say so - *I* did. You even quoted me saying so and him NOT
saying so.

> What you are suggesting (letting the servers in the resolv.conf file)
> is ok in the sense that all the machines using the machine where


Uh .. "machines using the machine"?

> dnsmasq is installed will be using dnsmasq (I know
> that this is not the better explanation but ...)


It's incomprehensible. Machines do not use machines. Am I going to have
to guess what somebody intended to write and did NOT write again?

My guess is that you mean to say "all the machines using the machine with
dnsmasq on as their dnsserver". However the rest of the sentence is
then incomprehensible. Dnsmasq is a one-machine dnsserver. I don't know
if it responds to external queries or not! Its intended use is on a
portable that moves from place to place and gets its configuration via
dhcp. So the idea of using it as a dns server to OTHER machines in a
network is simply out-of-field as far as I am concerned!



> The problem with what you are suggesting is that all the requests made
> on the machine where dnsmasq is installed will bypass dnsmasq
> (they will use the external DNS servers found in resolv.conf)


No they won't. They will all go to dnsmasq. 127.0.0.1 is listed first,
hence they go to dnsmasq. Dnsmasq forwards the requests to the servers
named second and third. Now, if you were to ask me "what happens in
case of dns timeouts on the servers", well, you'd ordinarily get three
times the normal timeout, but I suspect dnsmasq caches negative
responses after the first such and possibly converts dns timeouts into
negatives, so that the remaining server entries are not consulted.

After all, that is what it is for! Hence my surmise as to the detail of
how it works.

    -N, --no-negcache
        Disable negative caching. Negative caching allows dnsmasq
        to remember "no such domain" answers from upstream
        nameservers and answer identical queries without forwarding
        them again. This flag disables negative caching.

Well, that says part of what I surmise. I guess there is more too.

    Dnsmasq is a DNS query forwarder: it is not capable of
    recursively answering arbitrary queries starting from the
    root servers but forwards such queries to a fully recursive
    upstream DNS server which is typically provided by an
    ISP. By default, dnsmasq reads /etc/resolv.conf to discover
    the IP addresses of the upstream nameservers it
    should use, since the information is typically stored
    there. Unless --no-poll is used, dnsmasq checks the
    modification time of /etc/resolv.conf ...

and that says more of what you should know.


> If we instruct dnsmasq with no-resolv *and* servers=.... not to use
> /etc/resolv.conf we will have a working dnsmasq and more important we


There is no point to this! Dnsmasq is designed to get the server
addresses from resolv.conf (and to disregard the 127.0.0.1 entry,
which should be first) and to forward to them and to cache for them,
etc. and so you will ALREADY have a "working dnsmasq".

> will be able to put 127.0.0.1 in resolv.conf to allow the machine


You would have put it there anyway! That is what dnsmasq is supposed
to expect there! I quote:

    In order to configure dnsmasq to act as cache for the host on which it
    is running, put "nameserver 127.0.0.1" in /etc/resolv.conf to force
    local processes to send queries to dnsmasq.

> itself to use dnsconf.


Why go round the houses on this? You have offered no reasons for what
you want to do - indeed, all the reasoning you have offered has been
manifestly false! See above for the rebuttals! There ARE arguments why
you might want to configure dnsmasq to NOT look in resolv.conf and use a
fixed server configuration instead, but you haven't made any of them.
Indeed, whatever you might say is contraindicated by the fact that dhcp
will put dns servers gleaned from the net in resolv.conf, so dnsmasq
MUST read that file to find them.

Getting around THAT takes some configuring - you'd have to engineer the
dhcp scripts to put server info in a different file, and tell dnsmasq
to look in that file. But again that would have nothing to do with your
proposed server= line, so why on earth suggest such a thing? Where do
you get your _reasoning_?


Peter
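An added example, not part of the original post or of dnsmasq itself: a small Python check that models the two layouts argued over in this thread (forwarders taken from resolv.conf next to a 127.0.0.1 entry, versus `no-resolv` with `server=` lines) and reports where local queries go first and which upstreams dnsmasq would forward to. It assumes a simplified model that reads only the `no-resolv`, `resolv-file=` and `server=` options and drops loopback entries from the forwarder list; all addresses and sample files are constructed.

```python
import ipaddress

def nameservers(resolv_text):
    """Nameserver addresses from resolv.conf-style text, in file order."""
    found = []
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def resolution_path(dnsmasq_conf, files):
    """Return (local_first_hop_is_dnsmasq, upstream_forwarders).

    files maps a path to that file's text. Simplified model: only the
    no-resolv, resolv-file= and server= options are read, and loopback
    entries are dropped from the forwarder list.
    """
    no_resolv, resolv_file, upstreams = False, "/etc/resolv.conf", []
    for line in dnsmasq_conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, val = (part.strip() for part in line.partition("="))
        if key == "no-resolv":
            no_resolv = True
        elif key == "resolv-file":
            resolv_file = val
        elif key == "server":
            # server=[/domain/]address[#port][@source]: keep the address only
            addr = val.rsplit("/", 1)[-1].split("#")[0].split("@")[0]
            if addr:
                upstreams.append(addr)
    system = nameservers(files.get("/etc/resolv.conf", ""))
    local_first = bool(system) and is_loopback(system[0])
    if not no_resolv:
        upstreams += [a for a in nameservers(files.get(resolv_file, ""))
                      if not is_loopback(a)]
    return local_first, upstreams

# Constructed sample layouts (192.0.2.0/24 is a documentation range).
SHARED = {"/etc/resolv.conf": "nameserver 127.0.0.1\nnameserver 192.0.2.1\n"}
LOCAL_ONLY = {"/etc/resolv.conf": "nameserver 127.0.0.1\n"}
DHCP_OVERWRITE = {"/etc/resolv.conf": "nameserver 192.0.2.1\n"}
```

`resolution_path("", DHCP_OVERWRITE)` returns `(False, ["192.0.2.1"])`: a resolv.conf rewritten without the loopback entry sends local lookups straight past the cache, while `resolution_path("", LOCAL_ONLY)` returns `(True, [])`, a cache with nothing to forward to.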